CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24359 – ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape
https://notcve.org/view.php?id=CVE-2025-24359
24 Jan 2025 — Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. • https://github.com/lmfit/asteval/blob/cfb57f0beebe0dc0520a1fbabc35e66060c7ea71/asteval/asteval.py#L507 • CWE-134: Use of Externally-Controlled Format String CWE-749: Exposed Dangerous Method or Function •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-54514 – Apple Security Advisory 12-11-2024-5
https://notcve.org/view.php?id=CVE-2024-54514
11 Dec 2024 — An app may be able to break out of its sandbox. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://support.apple.com/en-us/121837 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-54529 – Apple Security Advisory 12-11-2024-5
https://notcve.org/view.php?id=CVE-2024-54529
11 Dec 2024 — MacOS suffers from a sandbox escape vulnerability due to a type confusion issue in coreaudiod/CoreAudio Framework. • https://packetstorm.news/files/id/188787 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 1CVE-2024-54498 – Apple Security Advisory 12-11-2024-5
https://notcve.org/view.php?id=CVE-2024-54498
11 Dec 2024 — An app may be able to break out of its sandbox. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://github.com/wh1te4ever/CVE-2024-54498-PoC •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55652 – PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters
https://notcve.org/view.php?id=CVE-2024-55652
11 Dec 2024 — Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. • https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-54149 – Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
https://notcve.org/view.php?id=CVE-2024-54149
09 Dec 2024 — Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access via the permissions. ... The maintainers of Winter CMS have significantly increased the scope of the sandbox, effectively making all models and datasources read-only in Twig, in v... • https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22 • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54154
https://notcve.org/view.php?id=CVE-2024-54154
04 Dec 2024 — In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox En JetBrains YouTrack antes de 2024.3.51866, la toma de control del sistema era posible a través del path traversal en el entorno protegido del complemento • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal •
CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49360 – Path traversal in Sandboxie
https://notcve.org/view.php?id=CVE-2024-49360
29 Nov 2024 — An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users' fil... • https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-4chj-3c28-gvmp • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11114 – Debian Security Advisory 5817-1
https://notcve.org/view.php?id=CVE-2024-11114
12 Nov 2024 — Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html •
CVSS: 2.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51754 – Unguarded calls to __toString() when nesting an object into an array in Twig
https://notcve.org/view.php?id=CVE-2024-51754
06 Nov 2024 — In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). ... Fabien Potencier discovered that Twig did not run sandbox security checks in some circumstances. ... Jamie Schouten discovered that Twig could bypass the security policy for an object call. • https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73 • CWE-668: Exposure of Resource to Wrong Sphere •